On Wed, 2004-04-14 at 10:43, Mike Kershaw wrote: > I use the OpenSSH user chroot patch, here: > http://sourceforge.net/projects/chrootssh/ > > and it works like a charm. It uses a magic token in the users home dir path > in passwd - so users home dirs become: > /path/to/chroot/base/./path/to/user/home > > We combine it with the 'scponly' shell to provide scp upload services for > 1400+ students on a web server, chrooted into the base home dir to keep them > from wandering around in the system. > > It's relatively painless to set up the chroot env in this way - users can only > ever see other user data, and we control that with file permissions > and posix ACLs. Chroot gets a little less attractive if you want every user in > their own individual jail.
Since they tend to need access to system binaries, yes. Unless you have a severely padded shell (i.e. something like "scponly"), chroot isn't worth the bother. Particularly if you create user directories so they, by default, are not public. Adam ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
